Cybercriminals Use cPanel Spam to Phish for Website FTP Credentials

Pop quiz!

Let’s say that you get an email saying that your cPanel account may have been compromised and you need to sign into your FTP account to initiate a “security check” on it.

The email says it’s from “cPanel Inc,” has the cPanel logo, has a link that leads you to believe it points to the cPanel website, and warns that your domain may be suspended if you fail to respond within 2 business days.

Check it out:

cPanel Phishing Email
Screenshot Credit: Barracuda Labs

From: cPanel Inc
Subject: Your Messages

cPanel

cPanel Message Center

Dear Customer

Due to our security upgrade to avoid multiple login and an unauthorized access to your online cPanel and FTP account we do require you to sign in your domain name and username and password for security check on your account and afterward we shall send a security code to your email as part of confirmation that your domain has now been properly verified and secured.

To process to confirm and verify your domain for this security check please click

http://www.cpanel.net/login

Failure to confirm your domain within 2 business days may lead to suspension of your domain if we observe any unauthorized login and may lead to total removal of the domain name from our system.

Cpanel Management

Now, should you:

  A. Follow the instructions, click the embedded link and log in to your account.
  B. Open a browser window, manually access your website control panel and check for any security alerts.

If your answer was “A” then I have some bad news: you just fell for a phishing scam. Now would be a good time to change your website credentials, if you’re still able to.

What happened?

The link provided in the email leads to a (compromised) third-party website touting a fake cPanel login page. Any credentials supplied will be sent off to the cybercriminals, and they can use that information to hijack your website and set up drive-by downloads, phishing pages or whatever else their little black heart desires.

It is important to note that if something suspicious were going on with your account, you’d likely get an email from your web hosting company, not cPanel.

That being said, if you happen to receive an email like the one shown above, be sure that you mouse over any links to check the destination URL first, or skip any possibility of following a malicious link by manually typing in the web address you want to visit instead.

[via Barracuda Labs]


© 2014 Hyphenet, Inc.